upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

Compare commits

base: upRootNutrition:2932b9f18de9ec394ddbc0db87cb1c634d46fd87
Branches Tags
upRootNutrition:main
...
compare: upRootNutrition:e824bcaae1b05def8052d03f94440beb11134297
Branches Tags
upRootNutrition:main

2 commits
2932b9f18d ... e824bcaae1

Author SHA1 Message Date
Nick
e824bcaae1 feat: added minecraft server 2025-11-18 02:05:01 -06:00
Nick
5e8b59c7ad feat: added minecraft server 2025-11-17 22:56:40 -06:00
15 changed files with 468 additions and 240 deletions
Download patch file Download diff file Expand all files Collapse all files

213
flake.lock generated
View file

@ -33,6 +33,27 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"nixpkgs": [
"tuios",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"elm-spa": { "elm-spa": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -194,6 +215,22 @@
} }
}, },
"flake-compat_4": { "flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1746162366,
"narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1747046372,
@ -305,6 +342,27 @@
} }
}, },
"flake-parts_6": { "flake-parts_6": {
"inputs": {
"nixpkgs-lib": [
"tuios",
"nixpkgs"
]
},
"locked": {
"lastModified": 1760948891,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_7": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_4" "nixpkgs-lib": "nixpkgs-lib_4"
}, },
@ -322,7 +380,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_7": { "flake-parts_8": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_5" "nixpkgs-lib": "nixpkgs-lib_5"
}, },
@ -340,6 +398,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-root": {
"locked": {
"lastModified": 1723604017,
"narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=",
"owner": "srid",
"repo": "flake-root",
"rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"
@ -391,6 +464,32 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks-nix": {
"inputs": {
"flake-compat": [
"tuios",
"flake-compat"
],
"gitignore": "gitignore_3",
"nixpkgs": [
"tuios",
"nixpkgs"
]
},
"locked": {
"lastModified": 1760663237,
"narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -434,6 +533,28 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_3": {
"inputs": {
"nixpkgs": [
"tuios",
"git-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1038,6 +1159,35 @@
"type": "github" "type": "github"
} }
}, },
"nix-fast-build": {
"inputs": {
"flake-parts": [
"tuios",
"flake-parts"
],
"nixpkgs": [
"tuios",
"nixpkgs"
],
"treefmt-nix": [
"tuios",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1760844047,
"narHash": "sha256-keUdhTbSV3PyqGxyXLE49FxsZ/Ev1dsSZPYOtQIJoDk=",
"owner": "Mic92",
"repo": "nix-fast-build",
"rev": "a0f6a196f09000e43951e543ede70140a16aa0ff",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-fast-build",
"type": "github"
}
},
"nixcord": { "nixcord": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
@ -1532,6 +1682,7 @@
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems_5", "systems": "systems_5",
"treefmt-nix": "treefmt-nix_3", "treefmt-nix": "treefmt-nix_3",
"tuios": "tuios",
"upRootNutrition": "upRootNutrition", "upRootNutrition": "upRootNutrition",
"waybar": "waybar", "waybar": "waybar",
"wpaperd": "wpaperd", "wpaperd": "wpaperd",
@ -1742,6 +1893,27 @@
} }
}, },
"treefmt-nix_4": { "treefmt-nix_4": {
"inputs": {
"nixpkgs": [
"tuios",
"nixpkgs"
]
},
"locked": {
"lastModified": 1760945191,
"narHash": "sha256-ZRVs8UqikBa4Ki3X4KCnMBtBW0ux1DaT35tgsnB1jM4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "f56b1934f5f8fcab8deb5d38d42fd692632b47c2",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_5": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8"
}, },
@ -1759,7 +1931,7 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix_5": { "treefmt-nix_6": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_9"
}, },
@ -1777,13 +1949,40 @@
"type": "github" "type": "github"
} }
}, },
"tuios": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_6",
"flake-root": "flake-root",
"git-hooks-nix": "git-hooks-nix",
"nix-fast-build": "nix-fast-build",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_4"
},
"locked": {
"lastModified": 1763040930,
"narHash": "sha256-iR8IPelvfTeS8cG7Duruf4zzVChdQCBdBvNFkjPUxMU=",
"owner": "Gaurav-Gosain",
"repo": "tuios",
"rev": "2fc6f7a498aef55c509c1eb575badd9d0b4855a9",
"type": "github"
},
"original": {
"owner": "Gaurav-Gosain",
"repo": "tuios",
"type": "github"
}
},
"upRootNutrition": { "upRootNutrition": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_6", "flake-parts": "flake-parts_7",
"mkElmDerivation": "mkElmDerivation_2", "mkElmDerivation": "mkElmDerivation_2",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"nixpkgs-stable": "nixpkgs-stable_4", "nixpkgs-stable": "nixpkgs-stable_4",
"treefmt-nix": "treefmt-nix_4" "treefmt-nix": "treefmt-nix_5"
}, },
"locked": { "locked": {
"lastModified": 1761538643, "lastModified": 1761538643,
@ -1801,7 +2000,7 @@
}, },
"waybar": { "waybar": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -1918,11 +2117,11 @@
}, },
"zookeeper": { "zookeeper": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_7", "flake-parts": "flake-parts_8",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"treefmt-nix": "treefmt-nix_5" "treefmt-nix": "treefmt-nix_6"
}, },
"locked": { "locked": {
"lastModified": 1763275059, "lastModified": 1763275059,

4
flake.nix
View file

@ -68,6 +68,10 @@
url = "github:kaylorben/nixcord"; url = "github:kaylorben/nixcord";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
tuios = {
url = "github:Gaurav-Gosain/tuios";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm = { microvm = {
url = "github:microvm-nix/microvm.nix"; url = "github:microvm-nix/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

40
modules/config/instances/config/minecraft.nix
View file

@ -1,30 +1,38 @@
{ moduleFunctions }: { moduleFunctions }:
let let
inherit (moduleFunctions.instancesFunctions) inherit (moduleFunctions.instancesFunctions)
domain0 varPath
servicePath mntPath
sslPath secretPath
sopsPath
; ;
label = "Minecraft"; label = "Minecraft";
name = "minecraft"; name = "minecraft";
short = "mine";
secrets = "${secretPath}/${name}";
in in
{ {
label = label; label = label;
name = name; name = name;
sops = { short = short;
path0 = "${sopsPath}/${name}";
};
subdomain = name;
paths = {
path0 = "${servicePath}/${label}";
};
ports = { ports = {
port0 = 43000; # Minecraft (Brix on Nix) port0 = 43000;
}; };
ssl = { interface = {
cert = "${sslPath}/${name}.${domain0}/fullchain.pem"; id = "vm-${short}";
key = "${sslPath}/${name}.${domain0}/key.pem"; mac = "02:00:00:00:51:41";
idUser = "vmuser-${short}";
macUser = "02:00:00:00:00:41";
ip = "192.168.50.141";
gate = "192.168.50.1";
ssh = 2401;
};
varPaths = {
path0 = "${varPath}/${name}";
};
mntPaths = {
path0 = "${mntPath}/${name}";
};
secretPaths = {
path0 = secrets;
}; };
} }

2
modules/home/gui/apps/messaging/vesktop/default.nix
View file

@ -6,7 +6,7 @@
{ {
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
zoom-us discord
; ;
}; };

2
modules/nixos/default.nix
View file

@ -61,7 +61,7 @@ in
mastodon mastodon
microvm microvm
midnight midnight
# minecraft minecraft
# ollamaCeres # ollamaCeres
ceresOpenCloud ceresOpenCloud
# postgresCeres # postgresCeres

6
modules/nixos/desktop/wayland/tuios/default.nix Executable file
View file

@ -0,0 +1,6 @@
{ flake, pkgs, ... }:
{
environment.systemPackages = [
flake.inputs.tuios.packages.${pkgs.system}.default
];
}

17
modules/nixos/guests/firefly-iii/default.nix
View file

@ -221,14 +221,6 @@ in
}; };
}; };
users.users.caddy.extraGroups = [ "acme" ];
security.acme.certs."${host}" = {
dnsProvider = dns;
environmentFile = config.sops.secrets.${dnsPath}.path;
group = "caddy";
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
@ -253,6 +245,15 @@ in
] ]
); );
}; };
users.users.caddy.extraGroups = [ "acme" ];
security.acme.certs."${host}" = {
dnsProvider = dns;
environmentFile = config.sops.secrets.${dnsPath}.path;
group = "caddy";
};
services.caddy.virtualHosts."${host}" = { services.caddy.virtualHosts."${host}" = {
extraConfig = '' extraConfig = ''
reverse_proxy http://${serviceCfg.interface.ip}:80 { reverse_proxy http://${serviceCfg.interface.ip}:80 {

11
modules/nixos/guests/minecraft/default.nix Executable file
View file

@ -0,0 +1,11 @@
let
importList =
let
content = builtins.readDir ./.;
dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
in
map (name: ./. + "/${name}") dirContent;
in
{
imports = importList;
}

188
modules/nixos/guests/minecraft/world0/default.nix Executable file
View file

@ -0,0 +1,188 @@
{
flake,
...
}:
let
inherit (flake.config.people) user0;
inherit (flake.config.services) instances;
serviceCfg = instances.minecraft;
hostCfg = instances.web;
world = "world0";
in
{
microvm.vms = {
"${serviceCfg.name}-${world}" = {
autostart = true;
restartIfChanged = true;
config = {
system.stateVersion = "24.05";
time.timeZone = "America/Winnipeg";
users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
services = {
minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
declarative = true;
serverProperties = {
"rcon.password" = "/etc/${serviceCfg.name}-secrets/${world}";
allow-flight = false;
allow-nether = true;
difficulty = 2;
enable-command-block = false;
enable-rcon = true;
enable-status = true;
force-gamemode = true;
gamemode = 0;
generate-structures = true;
hardcore = false;
hide-online-players = false;
level-name = "Brix on Nix";
level-seed = "9064150133272194";
max-players = 10;
max-world-size = 64000000;
motd = "A cool Minecraft server powered by NixOS";
online-mode = true;
pvp = true;
server-ip = hostCfg.localhost.address1;
server-port = serviceCfg.ports.port0;
spawn-animals = true;
spawn-monsters = true;
spawn-npcs = true;
spawn-protection = 16;
view-distance = 32;
white-list = true;
};
whitelist = {
Hefty_Chungus = "b75a9816-d408-4c54-b226-385b59ea1cb3";
Hefty_Chungus_Jr = "c3bf8cac-e953-4ea4-ae5f-7acb92a51a85";
EclipseMoon01 = "adef4af7-d8c6-4627-b492-e990ea1bb993";
Fallaryn = "d8baa117-ab58-4b07-92a5-48fb1978eb49";
};
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
};
networking.firewall.allowedTCPPorts = [
22 # SSH
serviceCfg.ports.port0
];
systemd = {
services = {
"${serviceCfg.name}-copy-secrets" = {
description = "Copy secrets from virtiofs to local filesystem";
before = [ "minecraft-server.service" ];
requiredBy = [ "minecraft-server.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /etc/${serviceCfg.name}-secrets
cp /run/secrets/${world} /etc/${serviceCfg.name}-secrets/${world}
chmod 755 /etc/${serviceCfg.name}-secrets
chmod 644 /etc/${serviceCfg.name}-secrets/*
'';
};
};
network = {
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s5";
addresses = [
{ Address = "${serviceCfg.interface.ip}/24"; }
];
routes = [
{
Destination = "${hostCfg.localhost.address1}/0";
Gateway = serviceCfg.interface.gate;
}
];
dns = [
"1.1.1.1"
"8.8.8.8"
];
};
};
tmpfiles.rules = [
"Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
];
};
systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ];
microvm = {
vcpu = 6;
mem = 1024 * 8;
hypervisor = "qemu";
interfaces = [
{
type = "tap";
id = serviceCfg.interface.id;
mac = serviceCfg.interface.mac;
}
{
type = "user";
id = serviceCfg.interface.idUser;
mac = serviceCfg.interface.macUser;
}
];
forwardPorts = [
{
from = "host";
host.port = serviceCfg.interface.ssh;
guest.port = 22;
}
];
shares = [
{
mountPoint = "/nix/.ro-store";
proto = "virtiofs";
source = "/nix/store";
tag = "read_only_nix_store";
}
{
mountPoint = "/var/lib/${serviceCfg.name}";
proto = "virtiofs";
source = serviceCfg.mntPaths.path0;
tag = "${serviceCfg.name}_data";
}
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
};
};
};
};
systemd = {
tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
];
};
sops.secrets = {
"${serviceCfg.name}/${world}" = {
owner = "root";
mode = "0600";
};
};
networking.firewall.allowedTCPPorts = [ serviceCfg.ports.port0 ];
}

58
modules/nixos/services/audiobookshelf/default.nix
View file

@ -1,58 +0,0 @@
{ flake, ... }:
let
inherit (flake.config.services.instances) audiobookshelf web;
inherit (flake.config.machines.devices) ceres;
service = audiobookshelf;
host = service.domains.url0;
localhost = web.localhost.address0;
in
{
services = {
audiobookshelf = {
enable = true;
host = localhost;
port = service.ports.port0;
dataDir = service.name;
openFirewall = true;
};
caddy = {
virtualHosts = {
"${host}" = {
extraConfig = ''
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
reverse_proxy ${localhost}:${toString service.ports.port0}
tls ${service.ssl.cert} ${service.ssl.key}
encode gzip zstd
'';
};
};
};
};
fileSystems."/var/lib/${service.name}" = {
device = service.paths.path0;
fsType = "none";
options = [
"bind"
];
depends = [
ceres.storage0.mount
];
};
systemd.tmpfiles.rules = [
"Z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
];
networking = {
firewall = {
allowedTCPPorts = [
service.ports.port0
];
};
};
}

98
modules/nixos/services/minecraft/default.nix
View file

@ -1,98 +0,0 @@
{
config,
flake,
...
}:
let
inherit (flake.config.machines.devices) ceres;
inherit (flake.config.services.instances) minecraft;
service = minecraft;
in
{
services = {
minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
declarative = true;
serverProperties = {
"rcon.password" = config.sops.secrets."${service.name}-pass".path;
allow-flight = false;
allow-nether = true;
difficulty = 2;
enable-command-block = false;
enable-rcon = true;
enable-status = true;
force-gamemode = true;
gamemode = 0;
generate-structures = true;
hardcore = false;
hide-online-players = false;
level-name = "Brix on Nix";
level-seed = "9064150133272194";
max-players = 10;
max-world-size = 64000000;
motd = "A cool Minecraft server powered by NixOS";
online-mode = true;
pvp = true;
server-port = service.ports.port0;
spawn-animals = true;
spawn-monsters = true;
spawn-npcs = true;
spawn-protection = 16;
view-dtstance = 32;
white-list = true;
};
whitelist = {
Hefty_Chungus = "b75a9816-d408-4c54-b226-385b59ea1cb3";
Hefty_Chungus_Jr = "c3bf8cac-e953-4ea4-ae5f-7acb92a51a85";
EclipseMoon01 = "adef4af7-d8c6-4627-b492-e990ea1bb993";
Fallaryn = "d8baa117-ab58-4b07-92a5-48fb1978eb49";
};
};
};
sops =
let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}";
owner = service.name;
mode = "600";
};
in
{
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}-${secret}";
value = sopsPath secret;
})
[
"pass"
]
);
};
fileSystems."/var/lib/${service.name}" = {
device = service.paths.path0;
fsType = "none";
options = [
"bind"
];
depends = [
ceres.storage0.mount
];
};
systemd.tmpfiles.rules = [
"Z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
"Z ${service.sops.path0} 0755 ${service.name} ${service.name} -"
];
networking = {
firewall = {
allowedTCPPorts = [
service.ports.port0
];
};
};
}

48
modules/nixos/services/prompter/default.nix
View file

@ -1,48 +0,0 @@
{ config, flake, ... }:
let
inherit (flake.config.services.instances)
prompter
;
service = prompter;
host = prompter.domains.url0;
in
{
services = {
caddy = {
environmentFile = config.sops.secrets."caddy/${service.name}-auth".path;
virtualHosts = {
"${host}" = {
extraConfig = ''
basicauth {
{$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH}
}
root * ${service.paths.path0}
file_server
encode gzip
try_files {path} /index.html
tls ${service.ssl.cert} ${service.ssl.key}
'';
};
};
};
};
sops =
let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}.env";
owner = "caddy";
mode = "0400";
};
in
{
secrets = {
"caddy/${service.name}-auth" = sopsPath "auth";
};
};
systemd.tmpfiles.rules = [
"Z ${service.paths.path0} 755 caddy caddy -"
"Z ${service.sops.path0} 755 caddy caddy -"
];
}

13
modules/nixos/services/samba/sambaCeres/default.nix
View file

@ -27,6 +27,19 @@ in
"force create mode" = "0664"; "force create mode" = "0664";
"force directory mode" = "0775"; "force directory mode" = "0775";
}; };
"storage0" = {
path = "/mnt/storage";
browseable = "yes";
writeable = "yes";
"guest ok" = "no";
"create mask" = "0664";
"directory mask" = "0775";
"force user" = "microvm";
"force group" = "wheel";
"force create mode" = "0664";
"force directory mode" = "0775";
};
}; };
}; };
}; };

7
secrets/secrets.yaml
View file

@ -21,7 +21,8 @@ forgejo:
smtp: ENC[AES256_GCM,data:rL1loo/yKrIPmZVpa6S8ka9lX2bwkgCNYRCZ1Np07ANp,iv:Si2sqBNlVQzi8rlfp8WQFUoyu4xJGfPYc9N6V6jrry4=,tag:SdPIRaiiIaHe1DnOxp1Y0Q==,type:str] smtp: ENC[AES256_GCM,data:rL1loo/yKrIPmZVpa6S8ka9lX2bwkgCNYRCZ1Np07ANp,iv:Si2sqBNlVQzi8rlfp8WQFUoyu4xJGfPYc9N6V6jrry4=,tag:SdPIRaiiIaHe1DnOxp1Y0Q==,type:str]
zookeeper: zookeeper:
env: ENC[AES256_GCM,data:CEEUmzRxvyeXSQfwUkmZq46HQNkv3I+wMzkBoUpAlh3D5O3L5kCeoDksDWuQrVTeQfIwKj18LDeeG+2Bz5XOVPTyXm/Ap+m2Jw==,iv:6eX7ocY5PiQaJ0KBDiKxhx0UguuQWcIbiZSYHY2hHjU=,tag:6vXg2fzRyfuJd5G3yNeUNA==,type:str] env: ENC[AES256_GCM,data:CEEUmzRxvyeXSQfwUkmZq46HQNkv3I+wMzkBoUpAlh3D5O3L5kCeoDksDWuQrVTeQfIwKj18LDeeG+2Bz5XOVPTyXm/Ap+m2Jw==,iv:6eX7ocY5PiQaJ0KBDiKxhx0UguuQWcIbiZSYHY2hHjU=,tag:6vXg2fzRyfuJd5G3yNeUNA==,type:str]
minecraft-pass: ENC[AES256_GCM,data:0natV6dEpItFp5zsUKqgVMZLLmqRLBEf,iv:Bc7RTXnpdec0wn25Rb7SkVTf5BjXzq3YCXcjwrC7V9k=,tag:Og5qN94G6pHdpIk6YDg1ZA==,type:str] minecraft:
world0: ENC[AES256_GCM,data:pz7P5g9jRL8KaARfSs2ddmN76ioKSuSv7A==,iv:ZFIhS15BPxHzTW4aPpT7A8R4rxuyNNGjPJXqJXYoBpk=,tag:aymiUs87YR519eZN8Aopyw==,type:str]
vaultwarden: vaultwarden:
env: ENC[AES256_GCM,data:1MzIqnV/PCGNNqKVwhxZfmV92vRQsn3OxuvCXUtKyCmoA2xxD91U3EmMikTqM3EOHYAMHbF66YgQC5JjivbIF06OCeXMMLpGuN8ibCUQq7M6PQ34/LDMZnqynmC3/U0FJglSU7o1KA0=,iv:novSYG6j0l17xogdE5WiS2gNPNAVKeX9lgxe5EohBHk=,tag:w43z7a/MzObvVTQh8AiSTA==,type:str] env: ENC[AES256_GCM,data:1MzIqnV/PCGNNqKVwhxZfmV92vRQsn3OxuvCXUtKyCmoA2xxD91U3EmMikTqM3EOHYAMHbF66YgQC5JjivbIF06OCeXMMLpGuN8ibCUQq7M6PQ34/LDMZnqynmC3/U0FJglSU7o1KA0=,iv:novSYG6j0l17xogdE5WiS2gNPNAVKeX9lgxe5EohBHk=,tag:w43z7a/MzObvVTQh8AiSTA==,type:str]
dns: dns:
@ -64,7 +65,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-17T02:11:29Z" lastmodified: "2025-11-18T04:44:47Z"
mac: ENC[AES256_GCM,data:hDts38zNNXTADzifmtdQhcC8mYE44eqGbnJU8RlXCoK/E7DV9frGqH1UHZFe+47Lk3byw/PF98GgT6u44BNQSQE9+h1D9IIBIqkG2WzeRA5JczW+yFjK/znGzYMmrIbQxqKlGY11KB7kEqi8wlaShhgnaWv2H4/eFGDmiwhv/zg=,iv:02j20UCXTkfx+XgtcF1kma3ljUElofd8tDtNRWC7Wn0=,tag:2JDbn4rqrgQpya1gRAImVg==,type:str] mac: ENC[AES256_GCM,data:B7g1vWlTq3SgmEr5ZMRXMJDmZa9G0OMaNqQLciNVTEwbR8h98K/5qdUl9XieA2Pr5114XwpV838iniCOeQfW3R7YTfhATw71flr1p6mXdHPIErVSFdeCT+xLhRk2uxCQLfQGiiZDcsuFt82byEYhgeXgrgp6ivo/sQOLaXAnbSY=,iv:eK9F3/tLxiEJnumuU6zVDh34fvXl3skCb0e4woZ59kI=,tag:hcaf72tZ4WuL3oAR/nuuEA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

1
systems/mars/config/filesystem.nix
View file

@ -26,6 +26,7 @@ in
]; ];
ceresFolders = [ ceresFolders = [
"storage" "storage"
"storage0"
]; ];
storageMounts = storageDrive: { storageMounts = storageDrive: {
name = "${mars.${storageDrive}.mount}"; name = "${mars.${storageDrive}.mount}";